Protection of shared data

摘要

Approaches for protecting a data element are disclosed. The method includes encrypting the data element with a first key on a first client system. A set of permissions is stored in association with the encrypted data element, and a first signature is generated from the set of permissions for the data element. The first key is encrypted with a second key on the first client system. The encrypted first key is stored in association with the encrypted data element, and the second key is encrypted with a public key of a public-private key pair of a first user on the first client system. The first signature and the encrypted second key are transmitted from the first client system to a server system for storage.

主权项

1. A method of protecting a data element, comprising:
encrypting the data element with a first key on a first client system; storing a set of permissions in association with the encrypted data element; generating a first signature from the set of permissions for the data element; after the generating of the first signature, determining whether a stored signature on the first client system matches the first signature; in response to determining that no stored signature matches the first signature:
generating a second key; andstoring the second key in association with the first signature on the first client system; encrypting the first key with the second key on the first client system; storing the encrypted first key in association with the encrypted data element; encrypting the second key with a public key of a public-private key pair of a first user on the first client system; and transmitting the first signature and the encrypted second key from the first client system to a server system for storage.